Just working through this for ourselves.
The line: set security nat source rule-set rs1 rule r1 then source-nat gre-nat-pool-1
Should read:
set security nat source rule-set rs1 rule r1 then source-nat pool gre-nat-pool-1 (at least for JunOS 11.4+)
This is our command set, but when applying it, it doesn't seem to work.
Error:
'policy gre-out'
Address or address_set (w.x.y.126) not found.
error: configuration check-out failed
set applications application GRE-ALG protocol gre
set security nat pool gre-nat-pool-1 address w.x.y.124/30
set security nat pool gre-nat-pool-1 port no-translation
set security nat source rule-set gre1 from zone ServiceX
set security nat source rule-set gre1 to zone untrust
set security nat source rule-set gre1 rule r1 match source-address w.x.y.126
set security nat source rule-set gre1 rule r1 match destination-address 0.0.0.0/0
set security nat source rule-set gre1 rule r1 then source-nat pool gre-nat-pool-1
set security policies from-zone ServiceX to-zone untrust policy gre-out match source-address w.x.y.126 destination-address any application GRE-ALG
set security policies from-zone ServiceX to-zone untrust policy gre-out then permit
w.x.y.:
.124/30 network
.125 port ge-0/0/0
.126 device connected to ge-0/0/0
We have a device on ge-0/0/0 in zone ServiceX with a public IP. The untrust zone port is ge-4/0/0, and our GRE tunnel fails to receive information from the device (a MikroTik router) on ge-0/0/0.
Any assistance would be appreciated.
Regards,
Bevan